LVM libraries and LVM Python bindings have been deprecated

The lvm2app library and LVM Python bindings, which are provided by the lvm2-python-libs package, have been deprecated.

Red Hat recommends the following solutions instead:

The LVM D-Bus API in combination with the lvm2-dbusd service. This requires using Python version 3.

The LVM command-line utilities with JSON formatting; this formatting has been available since the lvm2 package version 2.02.158.

Mirrored mirror log has been deprecated in LVM

The mirrored mirror log feature of mirrored LVM volumes has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support creating or activating LVM volumes with a mirrored mirror log.

The recommended replacements are:

RAID1 LVM volumes. The main advantage of RAID1 volumes is their ability to work even in degraded mode and to recover after a transient failure. For information on converting mirrored volumes to RAID1, see the Converting a Mirrored LVM Device to a RAID1 Device section in the LVM Administration guide.

In Red Hat Enterprise Linux 7.5, the following packages were added to the table above:

mod_auth_kerb

python-kerberos, python-krbV

python-requests-kerberos

hesiod

mod_nss

mod_revocator

Support for earlier IdM servers and for IdM replicas at domain level 0 will be limited

Red Hat does not plan to support using Identity Management (IdM) servers running Red Hat Enterprise Linux (RHEL) 7.3 and earlier with IdM clients of the next major release of RHEL. If you plan to introduce client systems running on the next major version of RHEL into a deployment that is currently managed by IdM servers running on RHEL 7.3 or earlier, be aware that you will need to upgrade the servers, moving them to RHEL 7.4 or later.

In the next major release of RHEL, only domain level 1 replicas will be supported. Before introducing IdM replicas running on the next major version of RHEL into an existing deployment, be aware that you will need to upgrade all IdM servers to RHEL 7.4 or later, and change the domain level to 1.

Consider planning the upgrade in advance if your deployment will be affected.

Bug-fix only support for the nss-pam-ldapd and NIS packages in the next major release of Red Hat Enterprise Linux

The nss-pam-ldapd packages and packages related to the NIS server will be released in the future major release of Red Hat Enterprise Linux but will receive a limited scope of support. Red Hat will accept bug reports but no new requests for enhancements. Customers are advised to migrate to the following replacement solutions:

Affected packages

Proposed replacement package or product

nss-pam-ldapd

sssd

ypserv

ypbind

portmap

yp-tools

Identity Management in Red Hat Enterprise Linux

Use the Go Toolset instead of golang

The golang package has been updated to version 1.9 with Red Hat Enterprise Linux 7.5.

The golang package, available in the Optional channel, will be removed from a future minor release of Red Hat Enterprise Linux 7. Developers are encouraged to use the Go Toolset instead, which is currently available as a Technology Preview through the Red Hat Developer program.

mesa-private-llvm will be replaced with llvm-private

The mesa-private-llvm package, which contains the LLVM-based runtime support for Mesa, will be replaced in a future minor release of Red Hat Enterprise Linux 7 with the llvm-private package.

libdbi and libdbi-drivers have been deprecated

The libdbi and libdbi-drivers packages will not be included in the next Red Hat Enterprise Linux (RHEL) major release.

Ansible deprecated in the Extras channel

Ansible and its dependencies will no longer be updated through the Extras channel. Instead, the Red Hat Ansible Engine product has been made available to Red Hat Enterprise Linux subscriptions and will provide access to the official Ansible Engine channel. Customers who have previously installed Ansible and its dependencies from the Extras channel are advised to enable and update from the Ansible Engine channel, or uninstall the packages as future errata will not be provided from the Extras channel.

Note that Red Hat Enterprise Linux System Roles, available as a Technology Preview, continue to be distributed though the Extras channel. Although Red Hat Enterprise Linux System Roles no longer depend on the ansible package, installing ansible from the Ansible Engine repository is still needed to run playbooks which use Red Hat Enterprise Linux System Roles.

signtool has been deprecated

The signtool tool from the nss packages, which uses insecure signature algorithms, has been deprecated and will not be included in a future minor release of Red Hat Enterprise Linux.

TLS compression support has been removed from nss

To prevent security risks, such as the CRIME attack, support for TLS compression in the NSS library has been removed for all TLS versions. This change preserves the API compatibility.

Public web CAs are no longer trusted for code signing by default

The Mozilla CA certificate trust list distributed with Red Hat Enterprise Linux 7.5 no longer trusts any public web CAs for code signing. As a consequence, any software that uses the related flags, such as NSS or OpenSSL, no longer trusts these CAs for code signing by default. The software continues to fully support code signing trust. Additionally, it is still possible to configure CA certificates as trusted for code signing using system configuration.

Sendmail has been deprecated

Sendmail has been deprecated in Red Hat Enterprise Linux 7. Customers are advised to use Postfix, which is configured as the default Mail Transfer Agent (MTA).

dmraid has been deprecated

Since Red Hat Enterprise Linux 7.5, the dmraid packages have been deprecated. It will stay available in Red Hat Enterprise Linux 7 releases but a future major release will no longer support legacy hybrid combined hardware and software RAID host bus adapter (HBA).

Automatic loading of DCCP modules through socket layer is now disabled by default

For security reasons, automatic loading of the Datagram Congestion Control Protocol (DCCP) kernel modules through socket layer is now disabled by default. This ensures that userspace applications can not maliciously load any modules. All DCCP related modules can still be loaded manually through the modprobe program.

The /etc/modprobe.d/dccp-blacklist.conf configuration file for blacklisting the DCCP modules is included in the kernel package. Entries included there can be cleared by editing or removing this file to restore the previous behavior.

Note that any re-installation of the same kernel package or of a different version does not override manual changes. If the file is manually edited or removed, these changes persist across package installations.

rsyslog-libdbi has been deprecated

The rsyslog-libdbi sub-package, which contains one of the less used rsyslog module, has been deprecated and will not be included in a future major release of Red Hat Enterprise Linux. Removing unused or rarely used modules helps users to conveniently find a database output to use.

The inputname option of the rsyslogimudp module has been deprecated

The inputname option of the imudp module for the rsyslog service has been deprecated. Use the name option instead.

SMBv1 is no longer installed with Microsoft Windows 10 and 2016 (updates 1709 and later)

Microsoft announced that the Server Message Block version 1 (SMBv1) protocol will no longer be installed with the latest versions of Microsoft Windows and Microsoft Windows Server. Microsoft also recommends users to disable SMBv1 on earlier versions of these products.

This update impacts Red Hat customers who operate their systems in a mixed Linux and Windows environment. Red Hat Enterprise Linux 7.1 and earlier support only the SMBv1 version of the protocol. Support for SMBv2 was introduced in Red Hat Enterprise Linux 7.2.

FedFS has been deprecated

Federated File System (FedFS) has been deprecated because the upstream FedFS project is no longer being actively maintained. Red Hat recommends migrating FedFS installations to use autofs, which provides more flexible functionality.

Btrfs has been deprecated

The Btrfs file system has been in Technology Preview state since the initial release of Red Hat Enterprise Linux 6. Red Hat will not be moving Btrfs to a fully supported feature and it will be removed in a future major release of Red Hat Enterprise Linux.

The Btrfs file system did receive numerous updates from the upstream in Red Hat Enterprise Linux 7.4 and will remain available in the Red Hat Enterprise Linux 7 series. However, this is the last planned update to this feature.

tcp_wrappers deprecated

The tcp_wrappers package has been deprecated. tcp_wrappers provides a library and a small daemon program that can monitor and filter incoming requests for audit, cyrus-imap, dovecot, nfs-utils, openssh, openldap, proftpd, sendmail, stunnel, syslog-ng, vsftpd, and various other network services.

nautilus-open-terminal replaced with gnome-terminal-nautilus

Since Red Hat Enterprise Linux 7.3, the nautilus-open-terminal package has been deprecated and replaced with the gnome-terminal-nautilus package. This package provides a Nautilus extension that adds the Open in Terminal option to the right-click context menu in Nautilus. nautilus-open-terminal is replaced by gnome-terminal-nautilus during the system upgrade.

sslwrap() removed from Python

The sslwrap() function has been removed from Python 2.7. After the 466 Python Enhancement Proposal was implemented, using this function resulted in a segmentation fault. The removal is consistent with upstream.

Red Hat recommends using the ssl.SSLContext class and the ssl.SSLContext.wrap_socket() function instead. Most applications can simply use the ssl.create_default_context() function, which creates a context with secure default settings. The default context uses the system's default trust store, too.

Symbols from libraries linked as dependencies no longer resolved by ld

Previously, the ld linker resolved any symbols present in any linked library, even if some libraries were linked only implicitly as dependencies of other libraries. This allowed developers to use symbols from the implicitly linked libraries in application code and omit explicitly specifying these libraries for linking.

For security reasons, ld has been changed to not resolve references to symbols in libraries linked implicitly as dependencies.

As a result, linking with ld fails when application code attempts to use symbols from libraries not declared for linking and linked only implicitly as dependencies. To use symbols from libraries linked as dependencies, developers must explicitly link against these libraries as well.

To restore the previous behavior of ld, use the -copy-dt-needed-entries command-line option. (BZ#1292230)

Windows guest virtual machine support limited

libnetlink is deprecated

The libnetlink library contained in the iproute-devel package has been deprecated. The user should use the libnl and libmnl libraries instead.

S3 and S4 power management states for KVM have been deprecated

Native KVM support for the S3 (suspend to RAM) and S4 (suspend to disk) power management states has been discontinued. This feature was previously available as a Technology Preview.

The Certificate Server plug-in udnPwdDirAuth is discontinued

The udnPwdDirAuth authentication plug-in for the Red Hat Certificate Server was removed in Red Hat Enterprise Linux 7.3. Profiles using the plug-in are no longer supported. Certificates created with a profile using the udnPwdDirAuth plug-in are still valid if they have been approved.

Red Hat Access plug-in for IdM is discontinued

The Red Hat Access plug-in for Identity Management (IdM) was removed in Red Hat Enterprise Linux 7.3. During the update, the redhat-access-plugin-ipa package is automatically uninstalled. Features previously provided by the plug-in, such as Knowledgebase access and support case engagement, are still available through the Red Hat Customer Portal. Red Hat recommends to explore alternatives, such as the redhat-support-tool tool.

The Ipsilon identity provider service for federated single sign-on

The ipsilon packages were introduced as Technology Preview in Red Hat Enterprise Linux 7.2. Ipsilon links authentication providers and applications or utilities to allow for single sign-on (SSO).

Red Hat does not plan to upgrade Ipsilon from Technology Preview to a fully supported feature. The ipsilon packages will be removed from Red Hat Enterprise Linux in a future minor release.

Red Hat has released Red Hat Single Sign-On as a web SSO solution based on the Keycloak community project. Red Hat Single Sign-On provides greater capabilities than Ipsilon and is designated as the standard web SSO solution across the Red Hat product portfolio.

Several rsyslog options deprecated

The rsyslog utility version in Red Hat Enterprise Linux 7.4 has deprecated a large number of options. These options no longer have any effect and cause a warning to be displayed.

The functionality previously provided by the options -c, -u, -q, -x, -A, -Q, -4, and -6 can be achieved using the rsyslog configuration.

There is no replacement for the functionality previously provided by the options -l and -s

Deprecated symbols from the memkind library

The following symbols from the memkind library have been deprecated:

memkind_finalize()

memkind_get_num_kind()

memkind_get_kind_by_partition()

memkind_get_kind_by_name()

memkind_partition_mmap()

memkind_get_size()

MEMKIND_ERROR_MEMALIGN

MEMKIND_ERROR_MALLCTL

MEMKIND_ERROR_GETCPU

MEMKIND_ERROR_PMTT

MEMKIND_ERROR_TIEDISTANCE

MEMKIND_ERROR_ALIGNMENT

MEMKIND_ERROR_MALLOCX

MEMKIND_ERROR_REPNAME

MEMKIND_ERROR_PTHREAD

MEMKIND_ERROR_BADPOLICY

MEMKIND_ERROR_REPPOLICY

Options of Sockets API Extensions for SCTP (RFC 6458) deprecated

The options SCTP_SNDRCV, SCTP_EXTRCV and SCTP_DEFAULT_SEND_PARAM of Sockets API Extensions for the Stream Control Transmission Protocol have been deprecated per the RFC 6458 specification.

New options SCTP_SNDINFO, SCTP_NXTINFO, SCTP_NXTINFO and SCTP_DEFAULT_SNDINFO have been implemented as a replacement for the deprecated options.

Managing NetApp ONTAP using SSLv2 and SSLv3 is no longer supported by libstorageMgmt

The SSLv2 and SSLv3 connections to the NetApp ONTAP storage array are no longer supported by the libstorageMgmt library. Users can contact NetApp support to enable the Transport Layer Security (TLS) protocol.

dconf-dbus-1 has been deprecated and dconf-editor is now delivered separately

With this update, the dconf-dbus-1 API has been removed. However, the dconf-dbus-1 library has been backported to preserve binary compatibility. Red Hat recommends using the GDBus library instead of dconf-dbus-1.

The dconf-error.h file has been renamed to dconf-enums.h. In addition, the dconf Editor is now delivered in the separate dconf-editor package.

FreeRADIUS no longer accepts Auth-Type := System

The FreeRADIUS server no longer accepts the Auth-Type := System option for the rlm_unix authentication module. This option has been replaced by the use of the unix module in the authorize section of the configuration file.

Deprecated Device Drivers

The following device drivers continue to be supported until the end of life of Red Hat Enterprise Linux 7 but will likely not be supported in future major releases of this product and are not recommended for new deployments.

3w-9xxx

3w-sas

aic79xx

aoe

arcmsr

ata drivers:

acard-ahci

sata_mv

sata_nv

sata_promise

sata_qstor

sata_sil

sata_sil24

sata_sis

sata_svw

sata_sx4

sata_uli

sata_via

sata_vsc

bfa

cxgb3

cxgb3i

hptiop

isci

iw_cxgb3

mptbase

mptctl

mptsas

mptscsih

mptspi

mtip32xx

mvsas

mvumi

OSD drivers:

osd

libosd

osst

pata drivers:

pata_acpi

pata_ali

pata_amd

pata_arasan_cf

pata_artop

pata_atiixp

pata_atp867x

pata_cmd64x

pata_cs5536

pata_hpt366

pata_hpt37x

pata_hpt3x2n

pata_hpt3x3

pata_it8213

pata_it821x

pata_jmicron

pata_marvell

pata_netcell

pata_ninja32

pata_oldpiix

pata_pdc2027x

pata_pdc202xx_old

pata_piccolo

pata_rdc

pata_sch

pata_serverworks

pata_sil680

pata_sis

pata_via

pdc_adma

pm80xx(pm8001)

pmcraid

qla3xxx

stex

sx8

ufshcd

Deprecated Adapters

The following adapters from the aacraid driver have been deprecated:

PERC 2/Si (Iguana/PERC2Si), PCI ID 0x1028:0x0001

PERC 3/Di (Opal/PERC3Di), PCI ID 0x1028:0x0002

PERC 3/Si (SlimFast/PERC3Si), PCI ID 0x1028:0x0003

PERC 3/Di (Iguana FlipChip/PERC3DiF), PCI ID 0x1028:0x0004

PERC 3/Di (Viper/PERC3DiV), PCI ID 0x1028:0x0002

PERC 3/Di (Lexus/PERC3DiL), PCI ID 0x1028:0x0002

PERC 3/Di (Jaguar/PERC3DiJ), PCI ID 0x1028:0x000a

PERC 3/Di (Dagger/PERC3DiD), PCI ID 0x1028:0x000a

PERC 3/Di (Boxster/PERC3DiB), PCI ID 0x1028:0x000a

catapult, PCI ID 0x9005:0x0283

tomcat, PCI ID 0x9005:0x0284

Adaptec 2120S (Crusader), PCI ID 0x9005:0x0285

Adaptec 2200S (Vulcan), PCI ID 0x9005:0x0285

Adaptec 2200S (Vulcan-2m), PCI ID 0x9005:0x0285

Legend S220 (Legend Crusader), PCI ID 0x9005:0x0285

Legend S230 (Legend Vulcan), PCI ID 0x9005:0x0285

Adaptec 3230S (Harrier), PCI ID 0x9005:0x0285

Adaptec 3240S (Tornado), PCI ID 0x9005:0x0285

ASR-2020ZCR SCSI PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285

ASR-2025ZCR SCSI SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285

ASR-2230S + ASR-2230SLP PCI-X (Lancer), PCI ID 0x9005:0x0286

ASR-2130S (Lancer), PCI ID 0x9005:0x0286

AAR-2820SA (Intruder), PCI ID 0x9005:0x0286

AAR-2620SA (Intruder), PCI ID 0x9005:0x0286

AAR-2420SA (Intruder), PCI ID 0x9005:0x0286

ICP9024RO (Lancer), PCI ID 0x9005:0x0286

ICP9014RO (Lancer), PCI ID 0x9005:0x0286

ICP9047MA (Lancer), PCI ID 0x9005:0x0286

ICP9087MA (Lancer), PCI ID 0x9005:0x0286

ICP5445AU (Hurricane44), PCI ID 0x9005:0x0286

ICP9085LI (Marauder-X), PCI ID 0x9005:0x0285

ICP5085BR (Marauder-E), PCI ID 0x9005:0x0285

ICP9067MA (Intruder-6), PCI ID 0x9005:0x0286

Themisto Jupiter Platform, PCI ID 0x9005:0x0287

Themisto Jupiter Platform, PCI ID 0x9005:0x0200

Callisto Jupiter Platform, PCI ID 0x9005:0x0286

ASR-2020SA SATA PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285

ASR-2025SA SATA SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285

AAR-2410SA PCI SATA 4ch (Jaguar II), PCI ID 0x9005:0x0285

CERC SATA RAID 2 PCI SATA 6ch (DellCorsair), PCI ID 0x9005:0x0285

AAR-2810SA PCI SATA 8ch (Corsair-8), PCI ID 0x9005:0x0285

AAR-21610SA PCI SATA 16ch (Corsair-16), PCI ID 0x9005:0x0285

ESD SO-DIMM PCI-X SATA ZCR (Prowler), PCI ID 0x9005:0x0285

AAR-2610SA PCI SATA 6ch, PCI ID 0x9005:0x0285

ASR-2240S (SabreExpress), PCI ID 0x9005:0x0285

ASR-4005, PCI ID 0x9005:0x0285

IBM 8i (AvonPark), PCI ID 0x9005:0x0285

IBM 8i (AvonPark Lite), PCI ID 0x9005:0x0285

IBM 8k/8k-l8 (Aurora), PCI ID 0x9005:0x0286

IBM 8k/8k-l4 (Aurora Lite), PCI ID 0x9005:0x0286

ASR-4000 (BlackBird), PCI ID 0x9005:0x0285

ASR-4800SAS (Marauder-X), PCI ID 0x9005:0x0285

ASR-4805SAS (Marauder-E), PCI ID 0x9005:0x0285

ASR-3800 (Hurricane44), PCI ID 0x9005:0x0286

Perc 320/DC, PCI ID 0x9005:0x0285

Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046

Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046

Dell PERC2/QC, PCI ID 0x1011:0x0046

HP NetRAID-4M, PCI ID 0x1011:0x0046

Dell Catchall, PCI ID 0x9005:0x0285

Legend Catchall, PCI ID 0x9005:0x0285

Adaptec Catch All, PCI ID 0x9005:0x0285

Adaptec Rocket Catch All, PCI ID 0x9005:0x0286

Adaptec NEMER/ARK Catch All, PCI ID 0x9005:0x0288

The following adapters from the mpt2sas driver have been deprecated:

SAS2004, PCI ID 0x1000:0x0070

SAS2008, PCI ID 0x1000:0x0072

SAS2108_1, PCI ID 0x1000:0x0074

SAS2108_2, PCI ID 0x1000:0x0076

SAS2108_3, PCI ID 0x1000:0x0077

SAS2116_1, PCI ID 0x1000:0x0064

SAS2116_2, PCI ID 0x1000:0x0065

SSS6200, PCI ID 0x1000:0x007E

The following adapters from the megaraid_sas driver have been deprecated:

Dell PERC5, PCI ID 0x1028:0x15

SAS1078R, PCI ID 0x1000:0x60

SAS1078DE, PCI ID 0x1000:0x7C

SAS1064R, PCI ID 0x1000:0x411

VERDE_ZCR, PCI ID 0x1000:0x413

SAS1078GEN2, PCI ID 0x1000:0x78

SAS0079GEN2, PCI ID 0x1000:0x79

SAS0073SKINNY, PCI ID 0x1000:0x73

SAS0071SKINNY, PCI ID 0x1000:0x71

The following adapters from the qla2xxx driver have been deprecated:

ISP24xx, PCI ID 0x1077:0x2422

ISP24xx, PCI ID 0x1077:0x2432

ISP2422, PCI ID 0x1077:0x5422

QLE220, PCI ID 0x1077:0x5432

QLE81xx, PCI ID 0x1077:0x8001

QLE10000, PCI ID 0x1077:0xF000

QLE84xx, PCI ID 0x1077:0x8044

QLE8000, PCI ID 0x1077:0x8432

QLE82xx, PCI ID 0x1077:0x8021

The following adapters from the qla4xxx driver have been deprecated:

QLOGIC_ISP8022, PCI ID 0x1077:0x8022

QLOGIC_ISP8324, PCI ID 0x1077:0x8032

QLOGIC_ISP8042, PCI ID 0x1077:0x8042

The following Ethernet adapter controlled by the be2net driver has been deprecated:

To check the PCI IDs of the hardware on your system, run the lspci -nn command.

Note that other adapters from the mentioned drivers that are not listed here remain unchanged.

The libcxgb3 library and the cxgb3 firmware package have been deprecated

The libcxgb3 library provided by the libibverbs package and the cxgb3 firmware package have been deprecated. They continue to be supported in Red Hat Enterprise Linux 7 but will likely not be supported in the next major releases of this product. This change corresponds with the deprecation of the cxgb3, cxgb3i, and iw_cxgb3 drivers listed above.

SFN4XXX adapters have been deprecated

Starting with Red Hat Enterprise Linux 7.4, SFN4XXX Solarflare network adapters have been deprecated. Previously, Solarflare had a single driver sfc for all adapters. Recently, support of SFN4XXX was split from sfc and moved into a new SFN4XXX-only driver, called sfc-falcon. Both drivers continue to be supported at this time, but sfc-falcon and SFN4XXX support is scheduled for removal in a future major release.

The software-initiated-only type of the Fibre Channel over Ethernet (FCoE) storage technology has been deprecated due to limited customer adoption. The software-initiated-only storage technology will remain supported for the life of Red Hat Enterprise Linux 7. The deprecation notice indicates the intention to remove software-initiated-based FCoE support in a future major release of Red Hat Enterprise Linux.

It is important to note that the hardware support and the associated user-space tools (such as drivers, libfc, or libfcoe) are unaffected by this deprecation notice.

Containers using the libvirt-lxc tooling have been deprecated

The following libvirt-lxc packages are deprecated since Red Hat Enterprise Linux 7.1:

libvirt-daemon-driver-lxc

libvirt-daemon-lxc

libvirt-login-shell

Future development on the Linux containers framework is now based on the docker command-line interface. libvirt-lxc tooling may be removed in a future release of Red Hat Enterprise Linux (including Red Hat Enterprise Linux 7) and should not be relied upon for developing custom container management applications.